NGINX Controller API Key
Service Name: NGINX Controller
Service Description: NGINX Controller is an application delivery and API management platform that provides centralized management and monitoring for NGINX Plus instances. It allows organizations to control, secure, and optimize application delivery across multiple environments.
Service Address: https://www.nginx.com/products/nginx-controller/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the NGINX Controller level through access control lists.
Secret Access Scope: Grants programmatic access to NGINX Controller API, allowing management of NGINX Plus instances, application configurations, certificates, and monitoring data.
Secret Revokement URL: https://docs.nginx.com/nginx-controller/admin-guides/user-management/
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJuZ2lueC1jb250cm9sbGVyIiwibmFtZSI6IkFQSSBLZXkiLCJpYXQiOjE1MTYyMzkwMjJ9.L8J9vUcCxmPDJXOS9Yl_FtYXkn4sXXgJPOHWA7giXpE
Suspicious Activity Investigation Instructions:
- Review NGINX Controller audit logs for unusual API calls or configuration changes
- Check for unauthorized instance additions or modifications
- Monitor for unexpected certificate or key changes
- Examine traffic patterns for anomalies in application delivery configurations
- Review user access logs for suspicious login attempts or locations
Mitigation Instructions:
- Log into the NGINX Controller web interface as an administrator
- Navigate to the "Administration" section
- Select "User Management" and locate the API key in question
- Click "Revoke" or "Delete" to invalidate the compromised API key
- Generate a new API key if needed for legitimate services
- Update any legitimate applications or services with the new API key
- Review and tighten access control policies for API keys
- Consider implementing IP-based restrictions for API access
- Enable additional authentication mechanisms if available